A few gems in here besides the TrueCrypt statement, mainly that Apple iCloud and Dropbox are named, and the legal framework is touched upon.
All cloud stored content are automatically hash-scanned
and image-analyzed by their service providers and
infringing content reported to NCMEC (p16)
Mobile content are automatically scanned when they are
synced with cloud storage like Apple iCloud or Dropbox.
Mobile devices that are not cloud-synced can be accessed
by their respective vendors (p16)
If I am reading this correctly, when you upload something to Apple iCloud or Dropbox, there is a background process which generates a hash of your content, then compares that hash with infringing content? What defense do companies have? What about proof that these claims are true (sources, etc)? Can anyone just leak a document that claims XYZ tech company spies on its users and everyone takes this as fact?
Vendors are legally and commercially prevented from
acknowledging their backdoors. Defense will not be
able to prove their existence (p16)
Great, blanket denial either way! I hope this is a hoax!
I think they're speaking about system dumps at the manufacturer level.
For example, I'm fairly confident that the data on Motorola devices can be read completely using USB from bootloader mode without any data modification (using tools like RSD Lite or sbf_flash). By itself that wouldn't get past OS-level encryption, though. That bootloader is entirely Motorola's with functionality and communication protocols dating back to before the pre-Android razr flip phones (from what I could tell back when I was doing battle with the XT720).
On the other hand, passphrases for boot security on mobile devices are often extremely weak (pin or what-have-you) and easy to brute force (assuming there is a backdoor to access the TPM contents or whatever it's called on ARM/OMAP/etc if it uses that sort of thing)
With regards to FileVault for Mac, some friends who used to work as Geniuses at the Apple Store have mentioned having to request special software from corporate that would fix or recover FileVault in some way - they weren't clear and said it was not something they were supposed to talk about. Obviously I'd take the info with a grain of salt, but based on the news lately...
I had an conversation regarding FileVault with the geniuses recently too.
> Oh we see [your MacBook] has a password, would you be able to write it down here?
Haha, nope!
> Any, uh, reason not to?
Nope.
From a conversation later on, apparently not many people opt not to give up their keys. I'm not sure why they pushed me to give it up either, the geniuses know full well that they can just boot their diagnostics disk without the password anyway.
Bear in mind that the default setup for Apple's FileVault also sends a copy of the encryption key to Apple too (associated with your AppleID), where presumably there is access granted to the US government also (willing or unwilling).
> Bear in mind that the default setup for Apple's FileVault also sends a copy of the encryption key to Apple too (associated with your AppleID), where presumably there is access granted to the US government also (willing or unwilling).